RabbitMQ Password
ID |
amqp_assignment |
Severity |
high |
Vendor |
RabbitMQ |
Family |
Data Storage Secret |
Description
The Advanced Message Queuing Protocol (AMQP) is an open standard application layer protocol for message-oriented middleware. The defining features of AMQP are message orientation, queuing, routing, reliability and security
This protocol is used in RabbitMQ, one of the most widely deployed open source message broker.
Security
Any hardcoded AMQP Connection String or Credential is a potential secret reported by this detector.
Accidentally checking-in the key to source control repositories could compromise your AMQP service.
Examples
spring.rabbitmq.host=google.com spring.rabbitmq.port=5672 spring.rabbitmq.username=admin spring.rabbitmq.password=p@ssworD
Mitigation / Fix
-
Follow your policy for handling leaked secrets, which typically require changing the password in the target system(s). In this case, you may use the rabbitmqctl change_password command:
rabbitmqctl change_password <USERNAME> <NEWPASSWORD>An alternative is to revoke access for the affected user.
-
Remove the password from the source code or committed configuration file.
If under a git repository, you may remove unwanted files from the repository history using tools like
git filter-repoorBFG Repo-Cleaner. You may follow the procedure listed here for GitHub.
|
You should consider any sensitive data in commits with secrets as compromised. Remember that secrets may be removed from history in your projects, but not in other users' cloned or forked repositories. |